Few software technologies are more difficult to learn to implement than the Lightweight Directory Access Protocol (LDAP). Most commonly you'll know LDAP as Active Directory on Windows or OpenLDAP on just about every other operating system. It was designed to make system administration easier, but unless you know how to install, configure, and successfully implement it, OpenLDAP can't do a thing for you. Fortunately for those of us who weren't born omniscient, O'Reilly has a great book on the subject: LDAP System Administration.

Writing analysis

LDAP System Administration is not a very long book, and I think that's a good thing. The core technology is excellently explained in the first part, and the rest is all about how to integrate OpenLDAP with other services and technologies. A small third portion of the book offers some example schemas for specific situations.

The writing is clear, concise, well-considered, and in general this book is easy to read and follow. The example configuration files and snippets show exactly what the supporting text is teaching, and seem to work as presented. Technical terms are sufficiently explained. Overall, the writing is top-notch and properly matched to the book's content.

Putting the book to the test

LDAP System Administration starts out with the most basic of directory information, and gradually builds on that new knowledge to show you every facet of OpenLDAP installation and configuration. If you are totally new to OpenLDAP, you will need to take notes, but if you're serious about learning it, you'll advance very quickly. This is by no means a beginner's text; it assumes that you are already a system administrator and that you want to centralize your user authentication and other peripheral services through OpenLDAP. The other services that the book mentions are covered lightly; it's assumed that you already know these technologies and just need to learn how to integrate them with OpenLDAP.

By following the first section of LDAP System Administration from start to finish, you will be properly prepared to install and configure OpenLDAP on your server or as part of your network. The second section shows you how to integrate your existing services with OpenLDAP, so you won't need to read everything in it. A small third section is full of example schemas for use with a variety of OpenLDAP usage scenarios, to be used primarily as a reference so that you can see how it's done.

The second section covers integrating OpenLDAP with the following programs, servers, services, and technologies: Eudora, Thunderbird, Outlook, Pine, Postfix, Exim, Sendmail, FTP, HTTP, LPD, RADIUS, DNS, and Samba. There is also a section that shows you how to replace a NIS implementation with OpenLDAP, and a chapter on integrating OpenLDAP with Active Directory. Lastly, the second section features a chapter on scripting and control of OpenLDAP functions with Perl.

Summary and conclusions

I bought this book to learn how to implement OpenLDAP on some OpenBSD and GNU/Linux systems, and I couldn't have been more pleased with the result. LDAP System Administration is the perfect sysadmin's introduction to LDAP. If you have serious plans to switch over to OpenLDAP on your network, with this book as your companion you can generally expect to have everything finished in one work week or less, depending on the complexity of your situation.

Be warned that this is not a developer-centric text. You will not learn how to hack OpenLDAP or build programs based on it from LDAP System Administration. To put it bluntly, the book's title says everything you need to know about its content.

Discuss this article or get technical support on our forum.

Copyright 2007 JEM Electronic Media, Inc. No reprints without written permission.